CVE Published: 25/07/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: XI |
Vendor: Softaculous |
Product: Webuzo Status : PUBLISHED
CVE-2024-24621 Description
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.
Metrics
CVSS Version: 3.1 |
Base Score: 9.8 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H